DevSecOps

More than 23.7 Million Hardcoded Secrets Publicly Exposed In GitHub Last Year

More than 23.7 million hardcoded secrets were published to GitHub last year, 25% more than were leaked in 2023, despite the software development platform's intensified efforts to crack down on secret exposures, reports Cybernews.

Fifty-eight percent of all leaked secrets were generic, including source code-embedded hardcoded passwords, database connection strings, plaintext encryption keys, and custom authentication tokens, according to findings by GitGuardian.

MongoDB credentials accounted for most of the secrets exposed on public GitHub repositories, while ODBC connection strings were the bulk of those leaked by private repositories. Moreover, hardcoded secrets were eight times more common in private repositories, indicating organizations' dependence on "security through obscurity," according to the GitGuardian researchers.

Another report from Cybernews researchers showed the prevalence of secret exposures across iOS apps. More than 815,000 hardcoded secrets have been divulged by over 156,000 apps in Apple's App Store, suggesting that a majority of iOS apps expose at least one hardcoded secret.
